<?php
class Contents {
	public $docuid;
	public $docuid2;
	public $webtitle;
	public $pagetitle;
	public $checkinby;
	public $checkindate;
	public $actpresence;
	public $checkedin;
	public $keywords;
	public $description;
	public $editmode;
	public $language;
	public $template;

	function __construct($editmode) {
		$this->editmode=$editmode;
		if (isset($_GET["name"]) || isset($_GET["dirname"])) {
			if (isset($_GET["name"])) {
				$this->get_document();
			} elseif(!empty($_GET["dirname"])) {
				$this->get_dir();
			} else {
				$this->get_dir(getsetting("navigation_home"));
			}
		} else {
			$this->get_dir(getsetting("navigation_home"));
		}
		if (!empty($_POST)) {
			$_POST=$this->sec_addslashes($_POST);
		}

		if (!empty($_GET)) {
			$_GET=$this->sec_addslashes($_GET);
		}
		define("PRESENCE", $this->get_presence_id());
	}

	function response404() {
		header("HTTP/1.1 404 Not Found");
		$this->get_document(getsetting("404error"));
	}
	

	public static function sec_addslashes($array) {
		while (list ($key, $val) = each ($array)) {
			if (is_array($val)) {
				$array[$key]=Contents::sec_addslashes($val);
			} else {
				// before add slashes strip them... If the server has magic_quotes on...
				$array[$key]=addslashes(stripslashes($val));
			}
		}
		return $array;
	}

	function response401() {
		header("HTTP/1.0 401 Unauthorized");
		$this->get_document(getsetting("401error"));
	}

	function loginpage($usergroups) {
		header("HTTP/1.0 401 Unauthorized");
		header("WWW-Authenticate: " .
		"Basic realm=\"Gesch�tzter Bereich: " .
		"Bitte geben Sie Benutzername und Kennwort ein.\"");
	}
	
	function checklanguage() {
		// print_r($_SESSION);
		if(!empty($_SESSION["language"])) {
			return $_SESSION["language"];
		} elseif(!empty($_SERVER["HTTP_ACCEPT_LANGUAGE"])) {
			$langs=explode(",", $_SERVER["HTTP_ACCEPT_LANGUAGE"]);
			for($i=0; $i<count($langs); $i++) {
				if(stristr($langs[$i], ";")) {
					$langs1=explode(";", $langs[$i]);
					$langs[$i]=$langs1[0];
				}
				$search_lang=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."languages_search WHERE loc='". $langs[$i] ."'");
				if(mysql_num_rows($search_lang)==1) {
					$row_lang=mysql_fetch_object($search_lang);
					return $row_lang->language;
				}
			}
			return getsetting("standard_language");
		} else {
			return getsetting("standard_language");
		}
	}
	
	function getlanguage($docuid) {
		if(!empty($_GET["changelanguage"]) && strlen($_GET["changelanguage"])==2) {
			$editlang=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."languages WHERE shortname='". $_GET["changelanguage"] ."'");
			if(mysql_num_rows($editlang)==1) {
				$_SESSION["language"]=$_GET["changelanguage"];
				unset($_GET["changelanguage"]);
			}
		}
		if($this->editmode==1) {
			$editlang=mysql_query("SELECT editlang FROM ". $GLOBALS["db_pref"] ."content_documents WHERE id2='". $docuid ."'");
			if(mysql_num_rows($editlang)==1) {
				$row_lang=mysql_fetch_object($editlang);
				return $row_lang->editlang;
			} else {
				return getsetting("standard_language");
			}
		} elseif(isset($_SESSION["language"])) {
			return $_SESSION["language"];
		} else {
			return $this->checklanguage();
		}
	}

	function checkwebuser($usergroups) {
		if(!empty($_SERVER["PHP_AUTH_USER"]) && !empty($_SERVER["PHP_AUTH_PW"])) {
			$groups=explode(",",$usergroups);
			$groupsql=array();
			for($g=0; $g<count($groups); $g++) {
				$groupsql[]="gruppe='". $groups[$g] ."'";
			}
			$webusers=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."webusers WHERE username='". $_SERVER["PHP_AUTH_USER"] ."' AND passwort='". $_SERVER["PHP_AUTH_PW"] ."' and (". implode(" or ", $groupsql) .")");
			if (mysql_num_rows($webusers)<1) {
				return false;
			} else {
				$_SESSION["login_webuser"]=$_SERVER["PHP_AUTH_USER"];
				return true;
			}
		} else {
			$this->loginpage($usergroups);
		}
	}

	function get_document($docuid="") {
		if ($docuid=="") {
			$docuid=$_GET["name"];
		}		
		if (strlen($docuid) > 11)
		{
			$name=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_documents WHERE ((id='". str_replace(".html","", $docuid) ."' or shortname='". $docuid ."') and checkin_date!='0') and deleted='0'");
		}
		else
		{
			$name=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_documents WHERE (((id='". str_replace(".html","", $docuid) ."' or shortname='". $docuid ."') and checkin_date!='0') or id2='". $docuid ."') and deleted='0'");
		}
		$found=false;
		if (mysql_num_rows($name)>0) {
			for ($i=0; $i<mysql_num_rows($name); $i++) {
				$row_id=mysql_fetch_object($name);
				$dirprefs=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_dirs WHERE id='". $row_id->ofdir ."' and deleted='0'");
				if (mysql_num_rows($dirprefs)>0) {
					$row_dirprefs=mysql_fetch_object($dirprefs);
					// print_r($row_dirprefs);
					if (Contents::get_presence_id()==$row_dirprefs->presence) {
						$showpage=1;
						if($this->editmode==0 && $row_id->webusergroups!="") {
							if ($this->checkwebuser($row_id->webusergroups)) {
							} else {
								$showpage=0;
							}
						}
						$found=true;
						if($showpage==1) {
							$this->docuid=$row_id->id;
							if(!defined("DOCUID")) {
								define("DOCUID", $this->docuid);
							}
							$this->docuid2=$row_id->id2;
							$this->template=$row_id->template;
							$this->webtitle=$row_id->webtitle;
							$this->pagetitle=$row_id->pagetitle;
							$this->keywords=$row_id->keywords;
							$this->description=$row_id->description;
							$userinfo=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."users WHERE id='". $row_id->checkin_by ."'");
							if (mysql_num_rows($userinfo)==1) {
								$row_userinfo=mysql_fetch_object($userinfo);
								$this->checkinby=$row_userinfo->realname;
							}
							$this->checkindate=date("d.m.Y - H:i", $row_id->checkin_date);
							$this->language=$this->getlanguage($row_id->id2);
							$_SESSION["language"]=$this->language;
							$this->actpresence=$row_dirprefs->presence;
							if ($row_id->checkin_date!="0") {
								$this->checkedin=1;
							} else {
								$this->checkedin=0;
							}
							$_SESSION["act_doc"]=$this->docuid;
						} else {
							$this->response401();
						}
					}
					if($found==true) {
						break;
					}
				}
			}
			if($found==false) {
				$this->response404();
			}
		} else {
			$this->response404();
		}
	}

	function get_dir($docuid="") {
		if ($docuid=="") {
			$docuid=$_GET["dirname"];
		}
		$dirname=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."navigation WHERE (shortname='". $docuid ."' or id='". $docuid ."') and deleted='0'");
		if (mysql_num_rows($dirname)>0) {
			for($i=0; $i<mysql_num_rows($dirname); $i++) {
				$row_dir=mysql_fetch_object($dirname);
				if (Contents::get_presence_id()==$row_dir->presence) {
					$_SESSION["act_navi"]=$row_dir->id;
					$_SESSION["list_navi"]=array($row_dir->id=>1);
					$this->list_navi($row_dir->id, $row_dir->subof);
					// print_r($_SESSION["list_navi"]);
					$link=$row_dir->link;
					$linktype=$row_dir->linktype;
					if ($linktype=="1") {
						$this->get_document($link);
					} elseif($linktype=="3") {
						$this->get_dir($link);
					} elseif($link!="") {
						header("Location:". $link);
						exit();
					} else {
						$this->get_document($_SESSION["act_doc"]);
					}
				}/* else {
					$this->response404();
				} */
			}
		} else {
			$this->response404();
		}
	}

	function list_navi($startid, $subof) {
		$parent=mysql_query("SELECT id, subof FROM ". $GLOBALS["db_pref"] ."navigation WHERE id='". $subof ."'");
		if (mysql_num_rows($parent)>0) {
			$row=mysql_fetch_object($parent);
			$_SESSION["list_navi"][$row->id]=1;
			if ($row->subof!="0") {
				$this->list_navi($row->id, $row->subof);
			}
		}
	}

	public static function presence_rights($id) {
		$pres=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."users_presences WHERE presence='". $id ."' and user='". $_SESSION["userid"] ."'");
		if (mysql_num_rows($pres)==1) {
			return true;
		} else {
			return false;
		}
	}

	public static function get_presence_id() {
		// $_GET["show_xml"]=1;
		if (isset($_GET["pres"]) && Contents::presence_rights($_GET["pres"])) {
			return $_GET["pres"];
		} elseif (isset($_GET["dir"])) {
			$dirprops=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_dirs WHERE id='". $_GET["dir"] ."'");
			// echo "SELECT * FROM ". $GLOBALS["db_pref"] ."content_dirs WHERE id='". $_GET["dir"] ."'";
			if (mysql_num_rows($dirprops)==1) {
				$row_dirprops=mysql_fetch_object($dirprops);
				return $row_dirprops->presence;
			} else {
				return Contents::checkDomain();
				// die("Dieses Verzeichnis konnte nicht gefunden werden.");
			}
		} elseif (isset($_GET["name"])) {
			$nameprops=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_documents WHERE (((id='". str_replace(".html","", $_GET["name"]) ."' or shortname='". $_GET["name"] ."') and checkin_date!='0') or id2='". $_GET["name"] ."') and deleted='0'");
			if (mysql_num_rows($nameprops)>0) {
				for($i=0; $i<mysql_num_rows($nameprops); $i++) {
					$row_nameprops=mysql_fetch_object($nameprops);
					$dirprops=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_dirs WHERE id='". $row_nameprops->ofdir ."'");
					if (mysql_num_rows($dirprops)==1) {
						$row_dirprops=mysql_fetch_object($dirprops);
						if($_GET["name"]==$row_nameprops->id2) {
							return $row_dirprops->presence;
						} else {
							if(Contents::checkDomain()==$row_dirprops->presence) {
								return $row_dirprops->presence;
							}
						}
					}
				}
			} else {
				return Contents::checkDomain();
				// die("Dieses Dokument konnte nicht gefunden werden.");
			}
		} elseif (isset($_GET["dirname"])) {
			$nameprops=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."navigation WHERE (id='". $_GET["dirname"] ."' or shortname='". $_GET["dirname"] ."') and deleted='0'");
			if (mysql_num_rows($nameprops)>0) {
				for($i=0; $i<mysql_num_rows($nameprops); $i++) {
					$row_nameprops=mysql_fetch_object($nameprops);
					if($_GET["dirname"]==$row_nameprops->id) {
						return $row_nameprops->presence;
					} else {
						if(Contents::checkDomain()==$row_nameprops->presence) {						
                          return $row_nameprops->presence;
						}
					}
				}
			} else {
				return Contents::checkDomain();
				// die("Dieses Verzeichnis konnte nicht gefunden werden.");
			}
		} else {
			return Contents::checkDomain();
		}
	}

	public static function checkDomain() {
		if(isset($_SESSION["presence"])) {
			return $_SESSION["presence"];
		}
		if(isset($_SERVER["HTTP_HOST"])) {
			$server=explode(".", $_SERVER["HTTP_HOST"]);
		} else {
			$server=explode(".", $_SERVER["SERVER_NAME"]);
		}
		if (count($server)>1) {
			// for($i=(count($server) - 2); $i>=0; $i--) {
			for($i=0; $i<=(count($server) - 2); $i++) {
				// for($i=0; $i<(count($server) + 1); $i++) {
				$tmpdomainname="";
				reset($server);
				// for($j=0;$j<$i - 1; $j++) {
				for($j=(count($server) - 1);$j>($i - 1); $j--) {
					$tmpdomainname1=$server[$j];
					if ($tmpdomainname!="") {
						$tmpdomainname1.=".";
					}
					$tmpdomainname1.=$tmpdomainname;
					$tmpdomainname=$tmpdomainname1;
				}
				$checkdomain=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."domains WHERE domainname='". $tmpdomainname ."'");
				if (mysql_num_rows($checkdomain)==1) {
					$row_domainid=mysql_fetch_object($checkdomain);
					// print_r($row_domainid);
					$_SESSION["presence"]=$row_domainid->presence;
					return $row_domainid->presence;
				}
			}
		} else {
			return 1;
		}
	}

	function get_navigation($start=0, $level=0) {
		$navi=array();
		$subs=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."navigation WHERE subof='". $start ."' and presence='". $this->get_presence_id() ."' and deleted='0' order by `sort`");
		if (mysql_num_rows($subs)>0) {
			for($i=0; $i<mysql_num_rows($subs); $i++) {
				$row=mysql_fetch_object($subs);
				$active=0;
				if (getsetting("show_navigation_siblings")==1 || isset($_SESSION["list_navi"][$row->id])) {
					if (isset($_SESSION["list_navi"][$row->id])) {
						$active=1;
					}
					$subnavi=$this->get_navigation($row->id, ($level+1));
				} else {
					$subnavi=array();
				}
				if($this->language==getsetting("standard_language")) {
					$punktname=$row->name;
				} else {
					$langname=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."navigation_language WHERE language='". $this->language ."' and navid='". $row->id ."'");
					if(mysql_num_rows($langname)>0) {
						$row_langname=mysql_fetch_object($langname);
						if($row_langname->name=="") {
							$punktname="";
						} else {
							$punktname=$row_langname->name;
						}
					} else {
						$punktname=$row->name;
					}
				}
				// and language='". $this->language ."'
				if ($punktname!="") {
					$navi[]=array("id"=>$row->id, "name"=>$punktname, "shortname"=>$row->shortname, "linktarget"=>$row->linktarget, "subs"=>$subnavi, "graphic"=>$row->graphic, "overgraphic"=>$row->overgraphic, "active"=>$active);
				}
			}
		}
		return $navi;
	}

	/**
	* @var string $original;
	* @var string $type;
	* @return string;
	*/
	public static function create_unique_name($original, $type, $presence) {
		$table=$GLOBALS["db_pref"] . $type;
		$new_name=strtolower($original);
		$new_name=utf8_encode($new_name);
		$new_name=str_replace("�", "ae", $new_name);
		$new_name=str_replace("�", "ae", $new_name);
		$new_name=str_replace("�", "oe", $new_name);
		$new_name=str_replace("�", "oe", $new_name);
		$new_name=str_replace("�", "ue", $new_name);
		$new_name=str_replace("�", "ue", $new_name);
		$new_name=str_replace("�", "ae", $new_name);
		$new_name=str_replace("ä", "ae", $new_name);
		$new_name=str_replace("Ä", "ae", $new_name);
		$new_name=str_replace("ö", "oe", $new_name);
		$new_name=str_replace("Ö", "oe", $new_name);
		$new_name=str_replace("ü", "ue", $new_name);
		$new_name=str_replace("Ü", "ue", $new_name);
		$new_name=str_replace(" ", "_", $new_name);
		$new_name=str_replace("/", "_", $new_name);
		$new_name=str_replace("&", "und", $new_name);
		$new_name=substr($new_name,0,32);
		if($type=="content_documents") {
			$ordner=array();
			$exists_dir=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_dirs WHERE presence='". $presence ."' and deleted='0'");
			for($i=0; $i<mysql_num_rows($exists_dir); $i++) {
				$row_dir=mysql_fetch_object($exists_dir);
				$ordner[]="ofdir='". $row_dir->id ."'";
			}
			$exists=mysql_query("SELECT * FROM ". $table ." WHERE shortname='". $new_name ."' and (". implode(" OR ", $ordner) .") and deleted='0'");
		} else {
			$exists=mysql_query("SELECT * FROM ". $table ." WHERE shortname='". $new_name ."' and presence='". $presence ."' and deleted='0'");
		}
		/*
		if (mysql_num_rows($exists)>0) {
		$count=mysql_num_rows($exists);
		if (strlen($new_name . ($count + 1))>32) {
		$new_name=substr($new_name, 0, (strlen($new_name)) - (strlen($count + 1))) . ($count + 1);
		} else {
		$new_name=$new_name . ($count + 1);
		}
		}*/
		$new_name=Contents::check_unique_name($new_name, $table, $presence);

		return $new_name;
	}

	/**
	* @var string $original;
	* @var string $type;
	* @return string;
	*/
	public static function create_unique_docname($original, $type, $presence) {
		$table=$GLOBALS["db_pref"] . $type;
		$new_name=strtolower($original);
		$new_name=str_replace("�", "ae", $new_name);
		$new_name=str_replace("�", "oe", $new_name);
		$new_name=str_replace("�", "ue", $new_name);
		$new_name=str_replace("�", "ae", $new_name);
		$new_name=str_replace(" ", "_", $new_name);
		$new_name=str_replace("/", "_", $new_name);
		$new_name=str_replace("&", "und", $new_name);
		$new_name=substr($new_name,0,32);
		$found=0;
		$dirs=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_dirs WHERE presence='". $presence ."' and deleted='0'");
		for($i=0; $i<mysql_num_rows($dirs); $i++) {
			$row_dir=mysql_fetch_object($dirs);
			$exists=mysql_query("SELECT * FROM ". $table ." WHERE shortname='". $new_name ."' and ofdir='". $row_dir->id ."' and deleted='0'");
			if (mysql_num_rows($exists)>0) {
				$found++;
			}
		}
		/*
		if (mysql_num_rows($exists)>0) {
		$count=mysql_num_rows($exists);
		if (strlen($new_name . ($count + 1))>32) {
		$new_name=substr($new_name, 0, (strlen($new_name)) - (strlen($count + 1))) . ($count + 1);
		} else {
		$new_name=$new_name . ($count + 1);
		}
		}*/
		$new_name=Contents::check_unique_docname($new_name, $table, $presence);

		return $new_name;
	}

	public static function check_unique_name($name, $table, $presence, $act_count=0) {
		$name=$name;
		if ($act_count==0) {
			$act_count="";
		}
		if($table==$GLOBALS["db_pref"] ."content_documents") {
			$ordner=array();
			$exists_dir=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_dirs WHERE presence='". $presence ."' and deleted='0'");
			for($i=0; $i<mysql_num_rows($exists_dir); $i++) {
				$row_dir=mysql_fetch_object($exists_dir);
				$ordner[]="ofdir='". $row_dir->id ."'";
			}
			$exists=mysql_query("SELECT * FROM ". $table ." WHERE shortname='". $name . $act_count ."' and (". implode(" OR ", $ordner) .") and deleted='0'");
		} else {
			$exists=mysql_query("SELECT * FROM ". $table ." WHERE shortname='". $name . $act_count ."' and presence='". $presence ."' and deleted='0'");
		}
		if (mysql_num_rows($exists)>0) {
			if (strlen($name . ($act_count + 1))>32) {
				return Contents::check_unique_name(substr($name, 0, (strlen($name)) - (strlen($act_count + 1))), $table, $presence, ($act_count + 1));
			} else {
				return Contents::check_unique_name($name, $table, $presence, ($act_count + 1));
			}
		} else {
			return $name . $act_count;
		}
	}

	public function create_content_link($type, $url, $target) {
		mysql_query("INSERT INTO ". $GLOBALS["db_pref"] ."content_links SET type='". $type ."', url='". $url ."', target='". $target ."'");
		return mysql_insert_id();
	}

	public static function check_unique_docname($name, $table, $presence, $act_count=0) {
		$name=$name;
		if ($act_count==0) {
			$act_count="";
		}
		$found=0;
		$dirs=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_dirs WHERE presence='". $presence ."' and deleted='0'");
		for($i=0; $i<mysql_num_rows($dirs); $i++) {
			$row_dir=mysql_fetch_object($dirs);
			$exists=mysql_query("SELECT * FROM ". $table ." WHERE shortname='". $name . $act_count ."' and ofdir='". $row_dir->id ."' and deleted='0'");
			if (mysql_num_rows($exists)>0) {
				$found++;
			}
		}
		if ($found>0) {
			if (strlen($name . ($act_count + 1))>32) {
				return Contents::check_unique_name(substr($name, 0, (strlen($name)) - (strlen($act_count + 1))), $table, $presence, ($act_count + 1));
			} else {
				return Contents::check_unique_name($name, $table, $presence, ($act_count + 1));
			}
		} else {
			return $name . $act_count;
		}
	}

	/**
	* @return array;
	*/
	function get_documents() {
		$document=array();
		$repetitions=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_repetitions WHERE docuid='". $this->docuid2 ."' and language='". $this->language ."' AND deleted='0'");
		if (mysql_num_rows($repetitions)==0 && $this->editmode==0) {
			$repetitions=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_repetitions WHERE docuid='". $this->docuid2 ."' and language='". getsetting("standard_language") ."' AND deleted='0'");
		}
		for ($i=0; $i<mysql_num_rows($repetitions); $i++) {
			$row_rep=mysql_fetch_object($repetitions);
			$blocks=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_blocks WHERE repetition='". $row_rep->id ."' AND deleted='0'");
			$block=array();
			for ($j=0; $j<mysql_num_rows($blocks); $j++) {
				$row_block=mysql_fetch_object($blocks);
				$block[]=array($row_block->id, $row_block->name, stripslashes($row_block->content));
			}
			$images=mysql_query("SELECT * FROM ". $GLOBALS["db_pref"] ."content_images WHERE repetition='". $row_rep->id ."' AND deleted='0'");
			$image=array();
			for ($j=0; $j<mysql_num_rows($images); $j++) {
				$row_image=mysql_fetch_object($images);
				/*
				$imgtag="<img src=\"image://". $row_image->image ."\">";
				if(!empty($row_image->link)) {
				$imgtag="<a href=\"link://". $row_image->link ."\">". $imgtag ."</a>";
				}*/
				// $image[]=array($row_image->id, $row_image->name, $imgtag);
				$image[]=array($row_image->id, $row_image->name, $row_image->image, $row_image->link);
			}

			$document[]=array($row_rep->id, $row_rep->name, $row_rep->sort, $block, $row_rep->template, $image, $row_rep->module, $row_rep->id2);
		}
		return $document;
	}
}

class rowact {
	public $id;
	public $presence;
    public $name;
}
?>